<!DOCTYPE html>
<!--
    Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements.  See the NOTICE file
    distributed with this work for additional information
    regarding copyright ownership.  The ASF licenses this file
    to you under the Apache License, Version 2.0 (the
    "License"); you may not use this file except in compliance
    with the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.
--><html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="viewport" content="initial-scale=1.0, maximum-scale=1.0, user-scalable=no, width=device-width">
<meta name="generator" content="joDoc">
<title>Apache Cordova API Documentation</title>
<link rel="stylesheet" type="text/css" href="index.css">
<link rel="stylesheet" type="text/css" href="mobile.css" media="only screen and (max-device-width: 1024px)">
<link rel="stylesheet" type="text/css" href="prettify/prettify.css">
</head>
<body>
        <div id="header">
            <h1><a href="index.html">Apache <strong>Cordova</strong> Documentation</a></h1>
            <small>
                <select><optgroup label="English" value="en">
<option value="edge">edge</option>
<option value="2.2.0rc2">2.2.0rc2</option>
<option value="2.2.0rc1">2.2.0rc1</option>
<option selected value="2.2.0">2.2.0</option>
<option value="2.1.0rc2">2.1.0rc2</option>
<option value="2.1.0rc1">2.1.0rc1</option>
<option value="2.1.0">2.1.0</option>
<option value="2.0.0rc1">2.0.0rc1</option>
<option value="2.0.0">2.0.0</option>
<option value="1.9.0rc1">1.9.0rc1</option>
<option value="1.9.0">1.9.0</option>
<option value="1.8.1">1.8.1</option>
<option value="1.8.0rc1">1.8.0rc1</option>
<option value="1.8.0">1.8.0</option>
<option value="1.7.0rc1">1.7.0rc1</option>
<option value="1.7.0">1.7.0</option>
<option value="1.6.1">1.6.1</option>
<option value="1.6.0rc1">1.6.0rc1</option>
<option value="1.6.0">1.6.0</option>
<option value="1.5.0rc1">1.5.0rc1</option>
<option value="1.5.0">1.5.0</option>
<option value="1.4.1">1.4.1</option>
<option value="1.4.0rc1">1.4.0rc1</option>
<option value="1.4.0">1.4.0</option>
<option value="1.3.0">1.3.0</option>
<option value="1.2.0">1.2.0</option>
<option value="1.1.0">1.1.0</option>
<option value="1.0.0rc3">1.0.0rc3</option>
<option value="1.0.0rc2">1.0.0rc2</option>
<option value="1.0.0rc1">1.0.0rc1</option>
<option value="1.0.0">1.0.0</option>
<option value="0.9.6">0.9.6</option>
<option value="0.9.5.1">0.9.5.1</option>
<option value="0.9.5">0.9.5</option>
<option value="0.9.4">0.9.4</option>
<option value="0.9.3">0.9.3</option>
<option value="0.9.2">0.9.2</option>
</optgroup>
<optgroup label="Español" value="es"><option value="1.0.0">1.0.0</option></optgroup>
<optgroup label="Français" value="fr">
<option value="1.3.0">1.3.0</option>
<option value="1.2.0">1.2.0</option>
<option value="1.1.0">1.1.0</option>
</optgroup>
<optgroup label="Japanese" value="jp">
<option value="2.0.0">2.0.0</option>
<option value="1.9.0">1.9.0</option>
<option value="1.8.1">1.8.1</option>
<option value="1.7.0">1.7.0</option>
<option value="0.9.5">0.9.5</option>
</optgroup>
<optgroup label="Korean" value="kr"><option value="2.0.0">2.0.0</option></optgroup></select></small>
        </div>
        <div id="subheader">
            <h1>Domain Whitelist Guide</h1>
            <small><select><option value="Domain%2520Whitelist%2520Guide">Domain Whitelist Guide</option>
<option value="Domain%20Whitelist%20Guide_overview">      - Overview</option>
<option value="Domain%20Whitelist%20Guide_specification">      - Specification</option>
<option value="Domain%20Whitelist%20Guide_syntax">      - Syntax</option>
<option value="Domain%20Whitelist%20Guide_android">      - Android</option>
<option value="Domain%20Whitelist%20Guide_bada">      - Bada</option>
<option value="Domain%20Whitelist%20Guide_blackberry">      - BlackBerry</option>
<option value="Domain%20Whitelist%20Guide_ios">      - iOS</option>
<option value="Domain%20Whitelist%20Guide_symbian">      - Symbian</option>
<option value="Domain%20Whitelist%20Guide_webos">      - webOS</option>
<option value="Domain%20Whitelist%20Guide_windows_phone">      - Windows Phone</option>
<option value="Domain%20Whitelist%20Guide_tizen">      - Tizen</option></select></small>
        </div>

        <div id="sidebar">
            <div class="vertical_divider"></div>
        <h1>API Reference</h1>
<ul>
<li><a href="cordova_accelerometer_accelerometer.md.html#Accelerometer">Accelerometer</a></li>
<li><a href="cordova_camera_camera.md.html#Camera">Camera</a></li>
<li><a href="cordova_media_capture_capture.md.html#Capture">Capture</a></li>
<li><a href="cordova_compass_compass.md.html#Compass">Compass</a></li>
<li><a href="cordova_connection_connection.md.html#Connection">Connection</a></li>
<li><a href="cordova_contacts_contacts.md.html#Contacts">Contacts</a></li>
<li><a href="cordova_device_device.md.html#Device">Device</a></li>
<li><a href="cordova_events_events.md.html#Events">Events</a></li>
<li><a href="cordova_file_file.md.html#File">File</a></li>
<li><a href="cordova_geolocation_geolocation.md.html#Geolocation">Geolocation</a></li>
<li><a href="cordova_globalization_globalization.md.html#Globalization">Globalization</a></li>
<li><a href="cordova_media_media.md.html#Media">Media</a></li>
<li><a href="cordova_notification_notification.md.html#Notification">Notification</a></li>
<li><a href="cordova_splashscreen_splashscreen.md.html#Splashscreen">Splashscreen</a></li>
<li><a href="cordova_storage_storage.md.html#Storage">Storage</a></li>
</ul>
<h1>Guides</h1>
<ul>
<li><a href="guide_getting-started_index.md.html#Getting%20Started%20Guides">Getting Started Guides</a></li>
<li><a href="guide_command-line_index.md.html#Command-Line%20Usage">Command-Line Usage</a></li>
<li><a href="guide_upgrading_index.md.html#Upgrading%20Guides">Upgrading Guides</a></li>
<li><a href="guide_project-settings_index.md.html#Project%20Settings">Project Settings</a></li>
<li><a href="guide_plugin-development_index.md.html#Plugin%20Development%20Guide">Plugin Development Guide</a></li>
<li><a href="guide_whitelist_index.md.html#Domain%20Whitelist%20Guide">Domain Whitelist Guide</a></li>
<li><a href="guide_cordova-webview_index.md.html#Embedding%20WebView">Embedding WebView</a></li>
<li><a href="_index.html">Keyword Index</a></li>
</ul>
</div>

        <div id="scrollable">
            <div id="content">
                <h1><a name="Domain%20Whitelist%20Guide">Domain Whitelist Guide</a></h1>

<h2>
<a name="Domain%20Whitelist%20Guide_overview">Overview</a>
</h2>

<p>Domain whitelisting in Apache Cordova is a security model that controls access to outside domains, such as <code>http://google.com</code>. The default security policy is to block all network access. The application developer can then delcare access to specific network domains and subdomains.</p>

<h2>
<a name="Domain%20Whitelist%20Guide_specification">Specification</a>
</h2>

<p>Domain whitelisting lays the ground work for the <a class="external" href="http://www.w3.org/TR/widgets-access/">W3C Widget Access</a> specification. In the Widget Access specification, the <code>&lt;access&gt;</code> element is used to declare access to specific network domains. In the future, Apache Cordova will abstract the platform whitelisting implementations to the W3C Widget Access specification. However, for now each platform must implement it's own domain whitelisting.</p>

<h2>
<a name="Domain%20Whitelist%20Guide_syntax">Syntax</a>
</h2>

<p>Access to <a class="external" href="http://google.com">google.com</a>:</p>

<pre class="prettyprint"><code>http://google.com
</code></pre>

<p>Access to the secure <a class="external" href="https://google.com">google.com</a> (<code>https://</code>):</p>

<pre class="prettyprint"><code>https://google.com
</code></pre>

<p>Access to the subdomain <a class="external" href="http://maps.google.com">maps.google.com</a>:</p>

<pre class="prettyprint"><code>http://maps.google.com
</code></pre>

<p>Access to all the subdomains on <a class="external" href="http://google.com">google.com</a> (e.g. <a class="external" href="http://mail.google.com">mail.google.com</a> and <a class="external" href="http://docs.google.com">docs.google.com</a>):</p>

<pre class="prettyprint"><code>http://*.google.com
</code></pre>

<p>Access to all domains (e.g. <a class="external" href="http://google.com">google.com</a> and <a class="external" href="http://developer.mozilla.org">developer.mozilla.org</a>):</p>

<pre class="prettyprint"><code>*
</code></pre>

<h2>
<a name="Domain%20Whitelist%20Guide_android">Android</a>
</h2>

<h3>Details</h3>

<p>The whitelisting rules are found in <code>res/xml/cordova.xml</code> and declared with the element <code>&lt;access origin="..." /&gt;</code>.</p>

<p>Android has full support for the whitelisting syntax.</p>

<h3>Syntax</h3>

<p>Access to <a class="external" href="http://google.com">google.com</a>:</p>

<pre class="prettyprint"><code>&lt;access origin="http://google.com" /&gt;
</code></pre>

<h2>
<a name="Domain%20Whitelist%20Guide_bada">Bada</a>
</h2>

<p>Domain whitelisting is unsupported on Bada. By default, all domains are accessible.</p>

<h2>
<a name="Domain%20Whitelist%20Guide_blackberry">BlackBerry</a>
</h2>

<h3>Details</h3>

<p>The whitelisting rules are found in <code>www/config.xml</code> and declared with the element <code>&lt;access uri="..." /&gt;</code>.</p>

<p>For a complete reference, see the <a class="external" href="https://developer.blackberry.com/html5/documentation/ww_developing/Access_element_834677_11.html">BlackBerry WebWorks Access Element documentation</a>.</p>

<h3>Syntax</h3>

<p>Access to <a class="external" href="http://google.com">google.com</a>:</p>

<pre class="prettyprint"><code>&lt;access uri="http://google.com" subdomains="false" /&gt;
</code></pre>

<p>Access to  <a class="external" href="http://maps.google.com">maps.google.com</a>:</p>

<pre class="prettyprint"><code>&lt;access uri="http://maps.google.com" subdomains="false" /&gt;
</code></pre>

<p>Access to all the subdomains on <a class="external" href="http://google.com">google.com</a>:</p>

<pre class="prettyprint"><code>&lt;access uri="http://google.com" subdomains="true" /&gt;
</code></pre>

<p>Access to all domains, including <code>file://</code> protocol:</p>

<pre class="prettyprint"><code>&lt;access uri="*" subdomains="true" /&gt;
</code></pre>

<h2>
<a name="Domain%20Whitelist%20Guide_ios">iOS</a>
</h2>

<h3>Details</h3>

<ol>
<li>Open <code>Cordova.plist</code>.
<ul>
<li>In Xcode, it is found at <code>AppName/Resources/Cordova.plist</code>
</li>
<li>In the directory, it is found at <code>AppName/Cordova.plist</code>
</li>
</ul>
</li>
<li>Add a new <code>String</code> value under the <code>ExternalHosts</code> key.
<ul>
<li>We recommend using Xcode to avoid editing raw XML.</li>
</ul>
</li>
</ol>
<h3>Syntax</h3>

<p>Access to <a class="external" href="http://google.com">google.com</a> and the secure <a class="external" href="https://google.com">google.com</a> (<code>https://</code>):</p>

<pre class="prettyprint"><code>google.com
</code></pre>

<p>Access to the subdomain <a class="external" href="http://maps.google.com">maps.google.com</a>:</p>

<pre class="prettyprint"><code>maps.google.com
</code></pre>

<p>Access to all the subdomains on <a class="external" href="http://google.com">google.com</a> (e.g. <a class="external" href="http://mail.google.com">mail.google.com</a> and <a class="external" href="http://docs.google.com">docs.google.com</a>):</p>

<pre class="prettyprint"><code>*.google.com
</code></pre>

<p>Access to all domains (e.g. <a class="external" href="http://google.com">google.com</a> and <a class="external" href="http://developer.mozilla.org">developer.mozilla.org</a>):</p>

<pre class="prettyprint"><code>*
</code></pre>

<p>Wildcards on iOS (<code>*</code>) are more flexible than the <a class="external" href="http://www.w3.org/TR/widgets-access/">W3C Widget Access</a> specification.</p>

<p>Access to all subdomains and TLDs (<code>.com</code>, <code>.net</code>, etc):</p>

<pre class="prettyprint"><code>*.google.*
</code></pre>

<h2>
<a name="Domain%20Whitelist%20Guide_symbian">Symbian</a>
</h2>

<p>Domain whitelisting is unsupported on Symbian. By default, all domains are accessible.</p>

<h2>
<a name="Domain%20Whitelist%20Guide_webos">webOS</a>
</h2>

<p>Domain whitelisting is unsupported on webOS. By default, all domains are accessible.</p>

<h2>
<a name="Domain%20Whitelist%20Guide_windows_phone">Windows Phone</a>
</h2>

<p>Domain whitelisting is unsupported on Windows Phone. By default, all domains are accessible.</p>

<h2>
<a name="Domain%20Whitelist%20Guide_tizen">Tizen</a>
</h2>

<h3>Details</h3>

<p>The domain whitelisting rules are found in <code>config.xml</code> located in your application root directory.
They are declared with the element <code>&lt;access origin="..." /&gt;</code>.
For a complete reference, see the [Tizen Accessing External Network Resources documentation][10].</p>

<h3>Syntax</h3>

<p>Access to <a class="external" href="http://google.com">google.com</a>:</p>

<pre class="prettyprint"><code>&lt;access origin="http://google.com" subdomains="false" /&gt;
</code></pre>

<p>Access to the secure <a class="external" href="https://google.com">google.com</a> (<code>https://</code>):</p>

<pre class="prettyprint"><code>&lt;access origin="https://google.com" subdomains="false" /&gt;
</code></pre>

<p>Access to all the subdomains on <a class="external" href="http://google.com">google.com</a>:</p>

<pre class="prettyprint"><code>&lt;access origin="http://google.com" subdomains="true" /&gt;
</code></pre>

<p>Access to all domains, including <code>file://</code> protocol:</p>

<pre class="prettyprint"><code>&lt;access origin="*" subdomains="true" /&gt;
</code></pre>

            </div>
        </div>

        <!-- Functionality and Syntax Highlighting -->
        <script type="text/javascript" src="index.js"></script><script type="text/javascript" src="prettify/prettify.js"></script>
</body>
</html>
